Before requesting help or asking questions, please give the following items some consideration to avoid wasting your time and ours and to shorten the time it takes to find a solution.
If you require help with configuring special features of strongSwan, browse the Configuration, Features and Howtos sections in the documentation first.
Finding solutions for your problems effectively and efficiently
- Read the manuals (i.e. the man pages that come with your version of strongSwan).
- Make sure your version of the man pages corresponds to strongSwan and not FreeS/WAN, Openswan or Libreswan. The software that a man page belongs to is usually printed in the center top of the man page when it's initially opened.
- Make sure you put the files into the right directories. On distributions that stem from RHEL, strongSwan configuration files are under `/etc/strongswan`.
- Make sure your version is up to date. A lot of actual bugs (not user error) are fixed in newer versions of strongSwan.
- Search existing posts, issues and the old mailing list archives for keywords from the logs or keywords that describe your issue (it's usually easiest to use your favorite search engine directly as you might also find answers on Stack Exchange etc.).
Now, you may ask for help. Please write in English only. Do not write your posts in any other language.
Please attach your complete config files (ipsec.conf, strongswan.conf, swanctl.conf etc.) and a complete log file showing the problem.
Please supply text files. Pictures are not useful.
We generally require all of the following from you:
- The complete log from daemon start to the point where the problem occurs (see below for a config snippet)
- The complete configuration (`ipsec.conf` or `swanctl.conf`, depending on which configuration backend you are using)
- The complete current status of the daemon (`ipsec statusall` or `swanctl -L` and `swanctl -l`)
- The complete firewall rules (output of `iptables-save` and `ip6tables-save` on Linux, analogously on other operating systems using the corresponding command(s))
- The complete contents of all routing tables (output of `ip route show table all` on Linux, analogously on other operating systems)
- The complete overview of all IP addresses (output of `ip address` on Linux, analogously on other operating systems)
When you create a log file, use the log settings below, unless we tell you otherwise. If you (or your distribution) use a Linux Security Module (LSM), like AppArmor, SELinux, Yama or TOMOYO, you need to allow the IKE daemon (charon, charon-systemd etc.) to create and write to that file first, or disable the LSM while debugging. Allowing the daemon to create and write the file is preferred.
```
# place this inside the charon { } section of strongswan.conf
filelog {
    # since 5.7.0 the path to the log file has to be specified in a separate setting if it contains dots;
    # use an arbitrary name without dots for the section instead of the one given here
    charon-debug-log {
        # this setting is required with 5.7.0 and newer if the path contains dots
        path = /var/log/charon_debug.log
        time_format = %a, %Y-%m-%d, %H:%M:%S
        default = 2
        net = 1
        enc = 1
        asn = 1
        job = 1
        ike_name = yes
        append = no
        flush_line = yes
    }
}
```
IMPORTANT: On Windows, use a different path from `/var/log/...` or `/tmp/`. Use, for example, just `charon.log`, which creates the file in the working directory of the process (if it is allowed to do so).
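The items in the list of required information above can be gathered in one pass on Linux. The script below is an added example, not part of the strongSwan documentation; the output file names, the default config paths and the `redact_secrets` filter are assumptions, the filter masking `secret` and `pin` values so that credentials are not attached to a public post.

```sh
#!/bin/sh
# Added example: gather the diagnostics listed above as text files.
# Paths are assumptions (common Linux defaults); RHEL-derived systems keep
# the configuration under /etc/strongswan. Override via the environment.
CONF_FILES=${CONF_FILES:-"/etc/swanctl/swanctl.conf /etc/strongswan.conf /etc/ipsec.conf"}
LOG_FILE=${LOG_FILE:-/var/log/charon_debug.log}

# Mask the values of "secret = ..." and "pin = ..." lines (swanctl.conf
# secrets section) so credentials are not attached to a public post.
redact_secrets() {
    sed -E 's/^([[:space:]]*(secret|pin)[[:space:]]*=[[:space:]]*).*/\1<redacted>/'
}

# capture FILE CMD [ARGS...]: store CMD's output in FILE, or a note if the
# tool is not installed, so the report shows what was and was not checked.
capture() {
    out=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$out" 2>&1 || echo "# exit status $? from: $*" >>"$out"
    else
        echo "# not available on this host: $1" >"$out"
    fi
}

# collect DIR: write one text file per requested item into DIR.
collect() {
    dir=$1
    mkdir -p "$dir" || return 1
    capture "$dir/ipsec-statusall.txt"    ipsec statusall
    capture "$dir/swanctl-list-conns.txt" swanctl -L
    capture "$dir/swanctl-list-sas.txt"   swanctl -l
    capture "$dir/iptables-save.txt"      iptables-save
    capture "$dir/ip6tables-save.txt"     ip6tables-save
    capture "$dir/ip-route-all.txt"       ip route show table all
    capture "$dir/ip-address.txt"         ip address
    for f in $CONF_FILES; do
        if [ -r "$f" ]; then
            redact_secrets <"$f" >"$dir/$(basename "$f").txt"
        fi
    done
    if [ -r "$LOG_FILE" ]; then cp "$LOG_FILE" "$dir/charon_debug.log.txt"; fi
}

# Runs only when an output directory is given, e.g.: sh collect.sh ./report
if [ $# -gt 0 ]; then collect "$1"; fi
```

Run it as root so that the firewall and daemon status commands can read their data, and review the resulting files before attaching them.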
If you are new to strongSwan please read the introduction.
If you look for help regarding configuration, base your configuration on the quickstart examples first to avoid generic problems.
If you have problems with traffic not reaching hosts via VPN, read the documentation regarding forwarding traffic, split-tunneling and MTU/MSS issues.